// @login & register
const express = require('express');
const router = express.Router();
const bcrypt = require("bcrypt");
const gravatar = require('gravatar');
const jwt = require('jsonwebtoken');
const passport = require('passport');

const keys = require("../../config/keys");
// 引入models
const User = require("../../models/User");

// $route  POST api/users/register
// @desc   返回的请求的json数据
// @access public
router.post('/register', (req, res) => {
  // res.json(req.body)
  // 查询数据库中是否拥有邮箱
  User.findOne({email:req.body.email})
  .then((user) => {
    if (user) {
      return res.status(400).json('邮箱已被注册！')
    }else {
      const avatar = gravatar.url(req.body.email, { s: '200', r: 'pg', d: 'mm' });

      const newUser = new User({
        name: req.body.name,
        email: req.body.email,
        avatar,
        password: req.body.password,
        identity: req.body.identity
      });

      bcrypt.genSalt(10, function (err, salt) {
        bcrypt.hash(newUser.password, salt,  (err, hash) => {
          // Store hash in your password DB.
          if(err) throw err;

          newUser.password = hash;
          newUser.save()
                 .then(user => res.json(user))
                 .catch(err => console.log(err))
        });
      });
    }
  })
});

// $route  POST api/users/login
// @desc   返回token jwt passport
// @access public
router.post('/login',(req,res) => {
  const email = req.body.email;
  const password = req.body.password;
  // 查询数据库
  User.findOne({email})
      .then(user => {
        if(!user) {
          return res.status(404).json('用户不存在')
        }

        // 密码匹配
        bcrypt.compare(password, user.password)
              .then(isMatch => {
                if (isMatch) {
                  // jwt.sign("规则","加密名字","过期时间","箭头函数")
                  const rule = {
                    id: user.id, 
                    name: user.name,
                    avatar: user.avatar,
                    identity: user.identity
                  }
                  // 获取token 值
                  // token 相当于一个令牌或者钥匙，当我们需要发送请求的时候，需要带着这个钥匙去拿数据信息
                  jwt.sign(rule,keys.secretOrKey,{expiresIn: 3600},(err, token) => {
                    if(err) throw err;
                    res.json({
                      success: true,
                      token: 'Bearer ' + token //  这里一定要是Bearer+空格，这样passport才能验证通过
                    });
                  });
                  // res.json({msg: "success"});
                }else {
                  return res.status(400).json('密码错误！');
                }
              })
      })   
})

// $route  GET api/users/current
// @desc   return current user
// @access Private
//  passport.authenticate('jwt',{session: false})  这个参数用来验证token
router.get("/current", passport.authenticate('jwt',{session: false}),(req, res) => {
  res.json({
    id: req.user.id, 
    name: req.user.name,
    email: req.user.email,
    identity: req.user.identity
  });
})

module.exports = router;